Lucene search

15 matches found

RedhatCVE
added 2025/05/23 9:25 a.m., 2 views

CVE-2024-3039

A vulnerability classified as critical has been found in Shanghai Brad Technology BladeX 3.4.0. Affected is an unknown function of the file /api/blade-user/export-user of the component API. The manipulation with the input updatexml1,concat0x3f,md5123456,0x3f,1=1 leads to sql injection. It is...

9.8 CVSS, 7.7 AI score, 0.00041 EPSS
Exploits 0, References 1

GithubExploit
added 2024/12/09 1:22 p.m., 88 views

Exploit for CVE-2024-12270

CVE-2024-12270 Beautiful Taxonomy Filters = 5.1 AND string err...

7.5 CVSS, 7.5 AI score, 0.65981 EPSS
Exploits 1

CNNVD
added 2024/08/20 12:00 a.m., 2 views

SpringBlade SQL injection vulnerability

SpringBlade is a microservices development platform from Blade, a Chinese company. A SQL injection vulnerability exists in SpringBlade version 4.1.0, which originates from /api/blade-system/menu/list?updatexml contains a SQL injection vulnerability...

9.8 CVSS, 7 AI score, 0.00134 EPSS
Exploits 1, References 2

Prion
added 2023/03/10 4:15 p.m., 12 views

Sql injection

A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack can be...

6.5 CVSS, 9.7 AI score, 0.00232 EPSS
Exploits 0, References 2, Affected Software 1

Prion
added 2023/03/10 4:15 p.m., 25 views

Sql injection

A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1 and updatexml0,concat0x7e,user,1 leads to sql injection. The attack may be launched remotely. Th...

6.5 CVSS, 9.6 AI score, 0.00179 EPSS
Exploits 0, References 2, Affected Software 1

SUSE CVE
added 2023/02/15 5:43 a.m., 1 views

SUSE CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

4 CVSS, 6 AI score, 0.08515 EPSS
Exploits 2, References 3

0day.today
added 2018/05/30 12:00 a.m., 53 views

Dolibarr 7.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

0.1 AI score, 0.73712 EPSS
Exploits 10

exploitpack
added 2018/05/17 12:00 a.m., 16 views

NodAPS 4.0 - SQL injection Cross-Site Request Forgery

NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...

0.4 AI score
Exploits 0

seebug.org
added 2015/08/07 12:00 a.m., 13 views

Diyou P2P lending system: a global issue causes multiple injections (bypasses 360 defense/gpc/subject to length limits)

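Brief description: A global issue in the Diyou P2P lending system causes multiple injections, bypassing 360 defense and gpc, with an analysis of the whole system's database. Step by step from injection to getting a shell in the admin backend: analyzing the database, then extracting the backend address and the plaintext administrator password by injection. Detailed description: --------------------------- Injection part. First, look at the problem in the global file, in core\function.inc.php: function ipaddress if!empty$SERVER"HTTPCLIENTIP" $ipaddress = $SERVER"HTTPCLIENTIP"; else if!empty$SERVER"HTTPXFORWARDEDFOR" $ipaddress =...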

7.1 AI score
Exploits 0

seebug.org
added 2014/07/07 12:00 a.m., 22 views

Ecmall V2.3.0-UTF8 official release SQL injection vulnerability (filter bypass)

Brief description: The latest patch has been applied. Detailed description: vulnerability http://wooyun.org/bugs/wooyun-2010-065284 Bypass method: the updatexml function, the extractvalue function. Proof of vulnerability: url: http://localhost/ecmall/index.php?app=myshipping&act=edit&shippingid=1 payload1: shippingname=li&shippingdesc=asd&irstprice=10&stepprice=0&enabled=1&sortorder=255&codregions1' or...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m., 27 views

Joomla Component (com_idoblog) SQL Injection Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '70468' ssvid version = '1.0' author = 'kikay' vulDate = '2010-12-25' createDate ...

7.1 AI score
Exploits 0

RedHat Linux
added 2013/04/25 5:26 p.m., 1 views

mysql: COM_BINLOG_DUMP crash on invalid data

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

4 CVSS, 6.9 AI score, 0.08515 EPSS
Exploits 2, References 5

Prion
added 2012/12/03 12:49 p.m., 29 views

Command injection

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

4 CVSS, 6.5 AI score, 0.08515 EPSS
Exploits 2, References 11, Affected Software 7

Cvelist
added 2012/12/03 11:00 a.m., 27 views

CVE-2012-5614

Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service mysqld crash via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements...

5.1 AI score, 0.08515 EPSS
Exploits 2, References 11

myhack58
added 2010/08/05 12:00 a.m., 15 views

dedecms 5.6 RSS subscription page injection vulnerability-vulnerability warning-the black bar safety net

EXP: the uploads/plus/rss. php? tid=1&Cs1=1&Cs2%2 9% 2 9%20AND%2 0% 2 2% 2 7% 2 2%20AND%20updatexml%2 8 1,%28SELECT%20CONCAT%280x5b,uname,0x3a,MID%28pwd,4,1 6% 2 9,0x5d%2 9%20FROM%20dedeadmin%29,1%2 9%2 3%2 70=1 The use of the environment: GPC off There updatexml function...

1.6 AI score
Exploits 0